Basic cyber hygiene has been a hot topic in cybersecurity, and for good reason. Most of the incidents that impact companies start with failures of basic cyber hygiene, not the super-sophisticated stuff of the movies. See Start with Cybersecurity Basics: Confirmed by Verizon’s 2016 Data Breach Report.
One of the most fundamental rules of cyber hygiene is to encrypt sensitive data–especially when such data is going to be stored on a portable device such as a USB drive! See Checklist for Good Cyber Hygiene.
Now we have learned that a USB memory stick containing the highest level of security secrets for the UK’s Heathrow airport was found lying in the street, unencrypted. The sensitive nature of the information contained on the USB is alarming, as revealed in Heathrow Probe After ‘Security Files Found on USB Stick’.
We do not know if this was sloppiness by those at Heathrow or if someone was stealing this information and placed it on the USB and then lost it. Consider each scenario:
- Assuming it was the former, because portable USB devices are so easily lost, if such devices are used in your organization you must ensure that the devices or the data stored on them are adequately encrypted.
- Assuming it was the latter, because USB devices are such an effective tool for data theft, many organizations are blocking the use of USB devices on their computer systems altogether.